Aspects of Remote SIM (Subscriber Identity Module) provisioning include the downloading, installing, enabling, disabling, switching and deleting of a profile on an eUICC. An eUICC is a secure element for hosting profiles. A profile is a combination of operator data and applications provisioned on an eUICC in a device for the purposes of providing services by an operator. A profile can contain one or more items of secure data used to prove identity and thus verify contract rights to services. During assembly of a device, the eUICC can be inserted into the device by an eUICC manufacturer.
There is a need to improve profile management of an eUICC in consumer/enterprise environments, in machine-to-machine environments, and in mixed scenarios.
A profile can be identified by a unique number called an Integrated Circuit Card Identifier (ICCID). Profile management can include a combination of local and remote management operations such as enable profile, disable profile, delete profile, and query profiles present on an eUICC. An operator is a company providing wireless cellular network services. A mobile network operator (MNO) is an entity providing access capability and communication services to its subscribers through a mobile network infrastructure. In some cases, the device is user equipment used in conjunction with an eUICC to connect to a mobile network. In a machine-to-machine (M2M) environment, a device may not be associated with a user and may have no user interface. An end user is a person using a (consumer or enterprise) device. An enabled profile can include files and/or applications which are selectable over an eUICC-device interface.
A function which provides profile packages is known as a subscription manager data preparation (SM-DP, also referred to as SM-DP+). An SM-DP may also be referred to as a profile provider or as an eSIM vendor. An eSIM is an electronic SIM. An eSIM is an example of a profile. A profile package can be a personalized profile using an interoperable description format that is transmitted to an eUICC as the basis for loading and installing a profile. Items of profile data which are unique to a subscriber, e.g., a phone number or an International Mobile Subscriber Identity (IMSI), are examples of personalization data. The SM-DP communicates over an interface with an eUICC. Certificates used for authentication and confidentiality purposes can be generated by a trusted certificate issuer.
There is a need to improve the ability to manage profiles in an eUICC while only granting profile access to authorized parties.
An architecture framework related to remote provisioning and management of eUICCs in devices is outlined in GSM Association document GSMA SGP.21: “RSP Architecture,” Version 1.0 Dec. 23, 2015 (hereinafter “SGP.21”). Remote provisioning and management of eUICCs in machine-to-machine devices which are not easily reachable is discussed in GSMA SGP.02: “Remote Provisioning Architecture for Embedded UICC Technical Specification,” Version 3.0, Jun. 30, 2015 (hereinafter “SGP.02”).
An eUICC includes an operating system, and the operating system can include the ability to provide authentication algorithms to network access applications associated with a given operator. The operating system also can include the ability to translate profile package data into an installed profile using a specific internal format of the eUICC. An ISD-P (issuer security domain-profile) can host a unique profile within an eUICC. The ISD-P is a secure container or security domain for the hosting of the profile. The ISD-P is used for profile download and installation based on a received bound profile package. A bound profile package is a profile package which has been encrypted for a target eUICC. An ISD-R (issuer security domain-root) is a function in an eUICC responsible for the creation of new ISD-Ps on the eUICC. An ECASD (embedded UICC controlling authority security domain) provides secure storage of credentials required to support the security domains on eUICC 102. A controlling authority security domain (CASD) may also be referred to as a “key store” herein. A security domain within the eUICC contains the operator's over-the-air (OTA) keys and provides a secure OTA channel. OTA keys are credentials used by an operator for remote management of operator profiles on an eUICC.
Interest in the use of eUICCs is becoming widespread both in consumer/enterprise devices such as mobile phones and in machine-to-machine environments, for example, in cars.
A machine-to-machine environment is one in which devices communicate with each other directly. A phenomenon called the Internet of Things (IoT) includes sensors, cameras, cars, and utility meters having internet addresses. For example, one machine-to-machine concept includes utility meters aggregating data and uploading it via a wireless network. Some profile management operations in a machine-to-machine environment are carried out through an SM-SR (subscription manager secure routing). An SM-DP communicates with an eUICC directly or through an SM-SR. An MNO can communicate with an eUICC directly or through an SM-SR.
An eUICC for use in a machine-to-machine environment comprises several security domains for the purpose of profile management. Identifiers are associated with security domains. Applications within a security domain have a trust relationship. Further description of security domains is available in GSMA SGP.01: “Embedded SIM Remote Provisioning Architecture,” Version 1.1, Jan. 30, 2014.
Some problems or challenges with profile management on eUICCs in consumer/enterprise devices and in M2M devices are: i) lack of end user consent when an MNO may wish to manage a profile within an end user's device, ii) an MNO requirement that only their contracted SM-DP have an ability to perform profile management on a profile associated with the MNO, and iii) a need to have machine-to-machine profiles and consumer or enterprise profiles share the same eUICC.